LF-3270 Test Plan

https://lite-farm.atlassian.net/browse/LF-3270

Currently JWT expiration is set at 7d.

Desired implementation:

Best practice is to keep JWTs very short-lived (e.g. ~10 minutes) and to have them periodically refreshed using a single-use HTTP-only cookie (AKA a refresh token).

Area / scope to test

Front end

Back end

Model

Notes

Requirement specific constraints

  • Testing as per Jira ticket

To test this the user needs to follow several steps:

  1. Get a new access and refresh token

  2. Null out the refresh token.

  3. Hit an endpoint both before and after the access token expires.

  4. Ensure it works before and fails after.
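
Steps 1 to 4 above as an added example (not LiteFarm code and not part of the original test plan): a self-contained Node.js check that uses an injected clock, so the ~10 minute expiry can be exercised without waiting. The secret, user id and the functions `issueAccessToken`, `protectedEndpoint` and `runExpiryCheck` are hypothetical; the example also goes one step beyond the listed steps by checking that a token whose `exp` was rewritten to 7d under the old signature is rejected.

```javascript
// Added example: not LiteFarm code. Secret, TTL, ids and helper names are assumptions.
const { createHmac, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-test-secret'; // constructed value, never a real key
const ACCESS_TTL_S = 600;                 // ~10 minutes, per the desired implementation
const b64u = (v) => Buffer.from(v).toString('base64url');
const sign = (data) => createHmac('sha256', SECRET).update(data).digest();

// Step 1: issue a short-lived HS256 access token at time nowS (seconds).
function issueAccessToken(userId, nowS) {
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: userId, iat: nowS, exp: nowS + ACCESS_TTL_S }));
  return `${head}.${body}.${b64u(sign(`${head}.${body}`))}`;
}

// Stand-in for a protected endpoint: returns the HTTP status it would send.
function protectedEndpoint(token, nowS) {
  const [head, body, sig] = String(token).split('.');
  if (!head || !body || !sig) return 401;
  const expected = sign(`${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return 401;
  const { exp } = JSON.parse(Buffer.from(body, 'base64url').toString());
  return typeof exp === 'number' && nowS < exp ? 200 : 401; // valid only before exp
}

// Steps 2-4: with the refresh token nulled nothing can renew the session,
// so the access token's own exp must be what cuts off access.
function runExpiryCheck() {
  const t0 = 1700000000; // constructed clock value, seconds since epoch
  const session = { access: issueAccessToken('user-1', t0), refresh: 'constructed-refresh' };
  session.refresh = null; // step 2
  const [h, , s] = session.access.split('.');
  const forgedBody = b64u(JSON.stringify({ sub: 'user-1', iat: t0, exp: t0 + 7 * 86400 }));
  return {
    beforeExpiry: protectedEndpoint(session.access, t0 + ACCESS_TTL_S - 1),
    atExpiry: protectedEndpoint(session.access, t0 + ACCESS_TTL_S),
    afterExpiry: protectedEndpoint(session.access, t0 + ACCESS_TTL_S + 60),
    forgedExp: protectedEndpoint(`${h}.${forgedBody}.${s}`, t0 + ACCESS_TTL_S + 60),
  };
}
```

Against a running environment the same assertions apply, with the injected clock replaced by a wait or by a shortened expiry in the test configuration.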

 

 

Role based constraints

 

 

 

Does role determine what a user can see or do? Is this enforced uniformly across the front end and back end?

User preferences constraints

 

 

 

Is this impacted by user or farm preferences such as language, system of measure, certification status?

Numerical input constraints

 

 

 

Do we appropriately handle negative, very small, very large, or 0 as inputs?

Text input constraints

 

 

 

Do we appropriately handle blank, very small, and very large inputs? Is there a strict format (such as email) that must be followed?

Date based constraints

 

 

 

Are there logical restrictions on what dates can be input? Should a user be able to complete something in the future, for example?

Date based assumptions

 

 

 

Are we making valid assumptions about what dates should be allowed?

Timezone driven interactions

 

 

 

If timezones play a role in the data, are they being displayed or converted appropriately?

Interaction / transitioning UI based constraints

 

 

 

Is the UI transitioning appropriately? Is the API providing da

Flow based constraints

 

 

 

Is state being preserved appropriately in a flow? If I go back and then forth, is it maintained? Is state invalidated when it should be?

Synchronous / asynchronous constraints

 

 

 

Is the interaction synchronous, asynchronous, or does it support both? Can you simulate both if so?

Time-out / low bandwidth constraints

 

 

 

Does the feature fail gracefully under no bandwidth / low bandwidth environments?

Data transformation correctness

 

 

 

Are values appropriately updated when units change? Is it WYSIWYG?

Outcome correctness

 

 

 

When inputting known inputs with expected outputs - do you get the results you expect? Have you tested several “cases” of this?

Switching farms

 

 

 

Does this feature respond well to switching farms (and returning)?

Notification constraints

 

 

 

Should a notification be marshalled based on this action?

Cascading effects

 

 

 

Are there logical places

Integration constraints

 

 

 

Do we need to ensure state is consistent between LiteFarm and the external service? What failure cases do we need to handle? How do we report back the outcome to the user or external service?

Concurrency

 

 

 

How do changes made to records affect other users on the farm? e.g. What happens when a record is soft deleted while another user is viewing said record?